With a lot of the notice emails gone, some people may have assumed that there is now going to be less of a focus on GDPR. However, this is not the case and it is vital to be careful when it comes to handling data, which is why the GDPR rules were brought in.
According to the ICO (Information Commissioner’s Office), the number of complaints regarding data misuse more than doubled between late May and early July 2018. GDPR has also had some ramifications for businesses, as the extra work required to be GDPR compliant has also resulted in extra costs.
In some cases, there is the concern that some businesses are not taking these new rules sufficiently seriously. Aside from the fact that any reported data breaches can be terrible PR for a business, you can be heavily fined if it turns out that you have not properly handled and stored data.
Ideally, you should have a DPO (Data Protection Officer) specifically assigned to oversee this.
Another aspect to GDPR that needs to be considered is how data is accessed. Individuals may want to have their data deleted, especially if they are in the process of terminating a contract. Companies should make clear how long they hold on to a customer’s data and what will happen after a certain period.
For example, someone may sign up for a job search website. After a while, they may feel that the recruitment site is not appropriate for their needs (for example, the site focuses more on retail rather than security or PR jobs). In this instance, they can request when their data is deleted via a subject access request (SAR).
Ideally, companies should be proactive, making clear how their process works and what they do with the information that is given to them. In recent times, more companies are including GDPR as part of their terms and conditions.
In some instances, it can work the other way around: some people working with companies may come up with their own data processing agreements, so that they can outline how they want a business to work with their information, making the process clearer for both parties concerned.
It is the responsibility of companies to report any breaches to clients. This should be within 72 hours of the breach occurring, and ideally as soon as possible. This is especially important if the breach has any high-risk issues that could have a serious effect on clients. If people feel that this is not treated seriously enough, then it is very likely they will go elsewhere, especially if they feel that companies are not being truthful or did not address the situation quickly enough.
We can help
GDPR can seem overwhelming, but it doesn’t have to be. Working with a professional company overseeing the handling can cut the risk of any breaches and ensure information is properly secured. To find out more about how we can help, or to discuss your company’s issues in more detail, please contact Digi Toolbox Ltd today.